Gartner Analysts: Cyber Attacks Persist Due to Low Cost, High Success

Two research directors from IT advisory firm Gartner said today that sophisticated cyber attacks are likely to remain a permanent feature of the IT landscape because of their enduring ability to provide attackers with outsized monetary, social, and political payoffs.

Speaking at the firm’s Security and Risk Management Summit in National Harbor, Md., Gartner research directors Gorka Sadowski and Pete Shoard pointed to the underlying financial and political motivations of attackers, and contended that no amount of defensive effort on the part of their targets will be sufficient to entirely blunt those motivations.

On the political front, the largest driver for cyber threat growth is people, who the Gartner officials called “the primary vector for attacks via social media manipulation.”

And attacks accomplished by manipulation of opinion are immeasurably cheaper to conduct than conventional military or other attacks that might be required to achieve the same results. “Cyber war to install your favorite president is cheaper than military action,” quipped Shoard.

Black-hat hackers, Sadowski said, are handsomely compensated for finding new ways to exploit IT system vulnerabilities, and can often sell their exploits to third-party brokers for prices in excess of $2 million each. “It’s all about making money,” they said.

Hacking technologies currently on the upswing with cyber criminals include ransomware attacks that are run as third-party services for clients that can supply sufficient email addresses to exploit, and technologies that exploit Internet of Things devices to grow botnets that then hijack computing resources used to mine for bitcoin.

The Gartner directors ran down the usual list of steps network operators can take to defend against attacks, including diligent patching practices and focusing on solving “the big and easy problems first,” but concluded that, “You cannot prevent threats… What you can do is limit cyber exposure.”